1.1. Welcome to Mercado Bitcoin. Your privacy is essential issue for us. Whether you are a customer, employee, agent, service provider or visitor to our website (www.mercadobitcoin.com.br) and/or mobile application and/or third-party or own APIs (hereinafter referred to as “Platform”), be sure that Mercado Bitcoin is concerned with the protection of your personal data.
1.3. Individuals representing legal entities, when they are not themselves the legal representatives of the respective legal entities as per their current articles of incorporation/bylaws, may have the authorization to access the Platform subject to the submission of authorizations by the legal entities to which they are linked.
1.4. Mercado Bitcoin does not accept registrations of minors, under 18 years of age, except if over 16 years old and emancipated by parental consent or by court decision and in the other cases of art. 5, sole paragraph, of the Civil Code.
1.7. We have divided this Policy into subjects, which can all be accessed through separate links. Please read them all, but for your convenience, whenever you want to revisit a topic, you can click on the topic of interest, and you will then be directed to the respective page:
2.1. we are MERCADO BITCOIN SERVIÇOS DIGITAIS LTDA., a company enrolled with the Brazilian Corporate Taxpayers' Registry (CNPJ) under no. 18.213.434/0001-35, and headquartered at Alameda Mamoré, 687, suite 303, r. 03, Alphaville Industrial, Barueri/SP, ZIP 06454-040.
3.1. Personal data means all information related to the identified or identifiable natural person, such as name, identity document, address, contact information, etc
3.2. Your data may be collected by Mercado Bitcoin, when you:
a) browse our website, register with us and makes transactions on the Platform;
b) share fundamental information for the performance of the services and improvement of Mercado Bitcoin processes; and
c) get in touch with our service channels.
3.3. Other possible ways Mercado Bitcoin may obtain data, as the case may be, are through external partners and information providers, which help us to understand demographic data and socioeconomic profiles, adding on to the data collected by us; social networks, provided you have given permission to access data on one or more networks, and official public sources, such as public or private databases.
3.4. All data collection sources ensure the protection and confidentiality of your data in accordance with the practices described in this document, with the legislation and with other applicable rules.
3.5. The personal data that will be requested for you to be able to have full access to our services, as the case may be, are: in the case of an individual: Tax ID (CPF), date of birth and email. In the case of a legal entity, Mercado Bitcoin will establish the documents that will be requested.
3.6. Mercado Bitcoin will also ask you to send a scanned copy of a valid photo ID, in addition to a selfie, which is characterized as sensitive personal data essential for identification control in computer systems and, without which, Mercado Bitcoin is unable to render the services provided herein. These are the minimum information necessary for Mercado Bitcoin to be able to securely provide its services, that is, by properly identifying who you are.
3.7. Without the submission of these documents and information, the use of our channels, services and features may be restricted and may even be rendered unfeasible. Mercado Bitcoin may, as the case may be, request other necessary documents from you, in order to ensure full access to the Platform's services, such as income and residence certificates, necessary for upgrading to the Gold segment. In any case, the necessary documents are indicated at Page 4 of 14 https://www.mercadobitcoin.com.br/comissoes-prazos-limites. Please check this link when registering to use the Platform.
3.8. When you register with us, browse our Platform , and use our services, the following data and information may be collected, among others:
a) Contact details: telephone numbers and other related data, with the objective of ensuring greater security to the services and accuracy to the information you provide;
b) Credentials: we collect cryptographic hashes of passwords, secure words, security PIN and necessary security information that you choose for the authentication process, access to accounts and transactions, for the proper control of the access to your account;
c) Demographic data: gender, address, education, income;
d) Financial data: we collect data necessary for withdrawals in Reais (R$), such as bank, account number and branch, as well as information and history of operations carried out on the Platform for your control. We collect trading API keys and encrypted wallet address;
e) Usage data: in addition to data related to your transactions with Crypto, including your user profile, we store data related to your interaction with our communications channels, such as visit duration, navigation paths on the Platform, pageview behavior, access device characteristics, browser, Internet Protocol (IP) address with date and time, IP source, bandwidth and internet service provider (ISP), operating system, device manufacturer, carrier, model, Wi-Fi networks, phone number, device data, device identification (IMEI/MEID), mobile carrier and country of registration and settings;
f) Service data: your interaction on our service channels is also recorded, as well as other details of your contact, which may include content from chat conversations;
g) Relationship data: only when granted unequivocal permission, we may capture data concerning the contacts in your relationship network;
h) Location data: we can, through our Platform, collect location data originating from GPS (Global Navigation System), GNSS (Global Navigation Satellite System), from mobile communications towers, Wi-fi access points or location coming from your IP.
i) Investor Profile Data: we may collect data related to the assets in which you normally invest, for how long and how you would behave in case of abrupt losses of value;
j) Sports Preferences: We may collect data regarding your preference for specific teams (for example football).
3.9. Subscription to the services provided by Mercado Bitcoin presumes the permission to send electronic messages (such as, for example, emails , notifications and SMS) of security and administrative nature, in addition to advertising content, and such submission is essential for the performance and development of our activity. If you do not agree with this procedure, it will be necessary to request the cancellation of your account at Mercado Bitcoin.
4.1. The main purpose for which we collect your personal data is to comply with the contract with you and offer you the best experience, in a safe, efficient and customized manner. We also use the data collected to create, develop, analyze, communicate, operate, deliver and improve our products, processes and services, to deliver a personalized and sound experience. Without prejudice to the provisions of this item, we may use the data we collect to:
a) Allow transactions to be carried out with Cryptocurrencies made available and supported by Mercado Bitcoin, create purchase and sale orders and generate and allow access to your virtual wallet;
b) Improve our products, processes and services;
c) Customize content, make changes to our products and channels;
d) Provide new features, products and promotional strategies;
e) Offer new products and/or services to you, as well as personalized service and investment portfolio monitoring;
f) Carry out research and campaigns in order to continuously improve Mercado Bitcoin's user experience.
g) Solve problems and answer questions, ensuring the quality of our services and assistance.
h) Establish relevant and assertive communication, respecting your preferences for interaction, as well as for sending important notices, such as announcements, registering changes in software, features, conditions and policies, among others;
i) Improve our security even more, acting effectively in cases of suspicious activities and violations of terms or policies;
j) Analyze the performance, the trends and measure the Platform's audience, check your browsing habits on the Platform, how you arrived on the Platform (for example, through links from other sites, search engines or directly), evaluate statistics related to the number of accesses and use of the Platform, its resources and features;
k) Evaluate and monitor risks for the security of the Platform, improving and developing our security tools, including in compliance with our guidelines for the prevention of Money Laundering and Countering the Financing of Terrorism; and
l) Compliance with legal and regulatory obligations.
4.2. For the qualification, training purposes and for your safety, Mercado Bitcoin may monitor or record telephone conversations with you or with people acting on your behalf. By communicating with Mercado Bitcoin, you understand, agree and authorize that communications may be heard, monitored and/or recorded without prior notice or notification.
4.3. You agree and authorize Mercado Bitcoin to use, copy, reproduce, make available, transmit, process, share and translate into any languages any and all statements, representations, opinions, impressions, comments and suggestions that you decide to make public on our Platform, including social networks, with possible reference or not to your name and your profile picture on these social networks, without any consideration being due by Mercado Bitcoin.
4.4. In addition to the above provisions, Mercado Bitcoin, respecting your privacy, sends messages by electronic means, such as the notifications center on the Platform itself, emails and notifications to confirm Platform activities, for advertising purposes, and also uses technologies such as cookies, pixel tags, local storage or other identifiers, whether from mobile devices or not, for authentication of accounts, improvement of services, customization and for communications of general interest. The sending frequency may vary, depending on your interaction with these communications. At any time, you can request the interruption of these emails through our communication channels, which will be met by Mercado Bitcoin within 10 (ten) days as from your request, by accessing:
a) the Platform, in the menu "Settings / Preferences / Notifications".
b) our Promotional emails, by the respective unsubscribe link.
5.1. Mercado Bitcoin ensures the rights that you have in accordance with the Brazilian General Data Protection Law, the Brazilian Civil Rights Framework for the Internet and the other Brazilian laws related to data protection, and which are:
a) Access to personal data: allows you to access your own personal data provided in your registration and to request additional information, if you wish;
b) Correction of personal data: allows you to request the correction and/or rectification of your personal data, at any time, in case you identify that any information is incomplete, inaccurate or outdated;
c) Block or deletion of unnecessary, excessive or processed personal data in non-compliance with the Brazilian General Data Protection Law: allows you to request us to cease with the processing of your personal data, and the action taken will be evaluated and met on a case-by-case basis, safeguarding the duty of storage for the legal term in accordance with the Brazilian Civil Rights Framework for the Internet, the Consumer Protection Code and the Civil Code , observing the limitation period for any judicial or administrative claims;
d) Right to portability of personal data: allows you to request Mercado Bitcoin to provide you, or third parties you choose, with your personal data in a structured and inter-operable format;
e) Right of deletion of processed personal data with the consent of the data subject: allows you to request the deletion of your personal data when the processing of this data is optional and has your consent as legal basis, except for the maintenance of data necessary for (i) the compliance with legal or regulatory obligations; (ii) a study by a research body, ensuring, whenever possible, the anonymization of personal data; (iii) compliance with a judicial or administrative decision that requires it; or (iv) because of the duty of storage for the legal term in accordance with the Brazilian Civil Rights Framework for the Internet, the Consumer Protection Code and the Civil Code, subject to the limitation period for any judicial or administrative claims.
f) Right to information about the sharing of personal data: allows you to request information about third parties with whom the Mercado Bitcoin shares your personal data; and
g) Right to revoke consent at any time and the right not to provide it and the consequences of such refusal: allows you to revoke your consent at any time, however, depending on the nature of the personal data, the revocation may imply the impossibility to use the Platform on a permanent basis. Revocation of consent will not have retroactive effects.
5.2. To exercise your rights, you can use the contact channels in our Platform, preferably, unless your agreement with Mercado Bitcoin provides otherwise.
5.3. If you are one of our customers, before meeting your request, Mercado Bitcoin will request additional information to confirm your identity, through one of our KYC - Know Your Client tools. In the event that Mercado Bitcoin is not the Controller of the requesting individual's personal data, Mercado Bitcoin will inform the former about its position as a Personal Data Processor and, if possible, indicate the Controller responsible for meeting such request.
5.5. If you need any assistance to exercise your rights, please contact our Help Center, at https://suporte.mercadobitcoin.com.br/hc/pt-br/requests/new, or our Data Protection Officer at the email address [email protected].
7.1. Mercado Bitcoin will store your personal data for the duration of the contractual relationship with you, except if legal or regulatory provisions establish otherwise and as required by the maximum statue of limitation provided for in the Brazilian Civil Rights Framework for the Internet, the Consumer Protection Code and the Civil Code. In the event of no contractual relationship, Mercado Bitcoin will store the information you have agreed to provide to us until further request for disposal of your data and in accordance with applicable law.
9.1. Mercado Bitcoin has incorporated all the requirements from the Brazilian General Data Protection Law and other laws and regulations regarding data protection in the processing of your personal data, adopting the following premises:
a) Data minimization. In all the processing of personal data, whether hard or digital data, Mercado Bitcoin strives to only collect and process personal data that are minimally necessary and compatible with the purposes, as set out and informed to the data subjects (taking into account the principles of purpose, suitability and necessity).
b) Transparency.. Mercado Bitcoin ensures that any and all processing of personal data, including under the different forms of collection, use and storage, is fully known by the data subjects as to the type of data, purpose, as well as its preservation and storage period.
c) Confidentiality.. Mercado Bitcoin adopts organizational and technical measures aimed at the confidentiality of personal data under its care, managing and controlling access only to authorized persons, as well as adopting log tracking measures to anticipate and mitigate risks.
d) Prevention and security. Mercado Bitcoin performs regular risk assessment routines and updates technical information security measures to ensure adequate protection of personal data. In this sense, it also ensures, as much as possible, the anonymization or, at least, the pseudonymization of personal data subject to scientific research, statistical analysis and evaluation of any nature to meet the legitimate interests of Mercado Bitcoin, especially those that involve sharing with third parties.
e) Data quality and free access. Mercado Bitcoin ensures to data subjects easy and free access to their personal data, as well as that their data is clear, accurate and up to date.
f) Non-discrimination. Mercado Bitcoin ensures that all personal data processing is carried out lawfully, without any type of discrimination of any kind.
g) Relationship with third parties. In all its relations with third parties that involve the flow of personal data under the responsibility of Mercado Bitcoin, whether with partners or service providers, Mercado Bitcoin will ensure that the contracts establish clauses that provide instructions and regulate the duties and obligations of the third parties as to the protection of your personal data.
h) Liability and accountability. Mercado Bitcoin will continuously strive to adopt effective measures capable of proving the observance and compliance with the rules of protection of personal data.
9.2. All personal data is stored in a secure environment, in a cloud environment ( “ cloud ” ) and on hard servers of providers selected with the premise of respecting data protection legislation, and Mercado Bitcoin not only observes all the rules for transfer of personal data, but is also diligent in ensuring its technological service providers are in line with the company's guidelines for data protection and ensure the data subjects the same level of protection required by Brazilian legislation.
10.1. Mercado Bitcoin adopts organizational measures, carrying out training and qualification of its staff, as well as technical measures aimed at information security, for the protection of personal data, against unauthorized disclosure, undue access, change and loss or leakage of data, whether accidental or unlawful. Mercado Bitcoin applies the best security practices in the processing of personal data, such as encryption, regular security monitoring and testing, firewall, among others. Despite all our efforts on information security, the unauthorized access to or use of restricted client areas due to a failure by the data subject (you), or even hardware or software failure and cyber-attacks can compromise the security of your personal data.
10.2. Mercado Bitcoin has mechanisms for access controls and log tracking, with different levels of access restriction to the collected data, ensuring its specific contracts - whether with staff, agents or service providers - have provisions establishing that any non-compliance with this rule involves fines and contract terminations.
10.3. Maintain a safe environment; adopt good practices in creating a password, do not share third party data, such as logins and passwords, use strong passwords, do not use your Mercado Bitcoin password on other websites or services, changing it regularly; enable 2-step verification. It is also important to always disconnect from our Platform after use, avoiding using it on public computers or access networks and keeping your operating system and antivirus up to date.
10.4. Mercado Bitcoin does not send emails or notifications requesting confirmation or personal data, passwords, credit card numbers, encrypted wallet address, etc.; this can be phishing, fraudulent practice that aims to trick you into sharing personal information, logins and passwords with ill-intended individuals. It also does not send electronic messages with attachments that can be executed (extensions: .exe, .com, among others) or links to any downloads. Never reply to any of these emails and please report them on our service channels.
11.2. The São Paulo/SP District Court is hereby appointed in order to settle any disputes that might arise in relation to this Privacy and Personal Data Protection Policy.
11.3. The following instruments are integral and inseparable parts of this Privacy and Personal Data Protection Policy, and are considered incorporated herein by reference:
12.1. Mercado Bitcoin undertakes to review this Privacy and Personal Data Protection Policy regularly in order to ensure its compliance with law, as well as to comply with the guidelines of the National Data Protection Authority (ANPD), and may, for this purpose, amend its terms at any time. Whenever there is a relevant amendment, such as a new purpose for the personal data already indicated, you will be notified through the contact information provided by you or by a notification through the Platform. In the notification we provide, you will have access to the new text of the Privacy and Protection of Personal Data Policy.
13.1. If you have any questions and/or need to address any matter related to this Privacy and Personal Data Protection Policy, please contact us at [email protected]. If you are our customer, please keep your contact details always up to date, so that we can contact you by email, preferably.
13.2. Our DPO (Data Protection Officer) is Joamir Ângelo Roncasaglia and his email is [email protected].